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Electronic Data Storage Apparatus with Key Management 
Function and Electronic Data Storage Method 

Background of the Invention 
Field of the Invention 

The present invention relates to the security of 
electronic documents, and more specifically to an 
electronic data storage apparatus with a key 
management function and an electronic data storage 
method for guaranteeing the security of electronic 
data by changing the key used in a process of 
encrypting electronic data in document form in a local 
environment and a global environment. 

With an increasing number of electronic 
transactions and of computers used in official fields, 
etc., important documents such as contracts, domicile 
certificates, etc. have come to be processed as 
electronic data through networks. 

In common contracts and renewal procedures, the 
originals of documents (contracts, applications, 
receipts, etc.) and their copies (domicile 
certificates and their extracts, etc.) are often 
required. The originals and the copies can be clearly 
distinguished between them if they are printed on 
paper because the physical features of paper and ink 
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are different between the originals and the copies. 
On the similar ground, the originals could not be 
easily amended. 

However, electronic documents are easily copied 
5 to have two same electronic documents, thereby causing 
the problem that the user cannot tell which is the 
original document. Therefore, there arises the case 
where an important document once represented by 
electronic data is printed onto paper for storage and 
10 transfer by mail. 

When an important document is stored or 
transferred as an electronic document according to the 
conventional method, a common algorithm is used in an 
electronic data storage apparatus to guarantee the 
15 security by performing an encrypting process on the 
electronic data forming the document. There are two 
types of keys for use in the algorithm. One is a 
common encryption using a common key between a 
transmitter and a receiver of electronic data. The 
20 other is a public key encryption using a public key 
and a private key. 

Thus, in the conventional technology, the 
security of an electronic document is guaranteed by 
using different keys in an encrypting process between 
25 the local environment for electronic data storage 



devices for storing the same type of electronic data 
and the global environment for a number of general 
electronic data storage devices for storing different 
types of electronic data. However, since a common 
algorithm is used in the electronic data storage 
device, the common key is accidentally used in the 
electronic data storage device in the global 
environment, and the public key can be used in the 
local environment . 

As a result, there has been the problem that an 
authentication station required to manage the public 
key is operated even on an electronic data storage 
device to be used only in the local environment, or 
the reliability on all important documents is lost by 
the common key disclosed to the electronic data 
storage devices in the global environment. 

Summary of the Invention 

The present invention aims at providing an 
electronic data storage apparatus with a key 
management function capable of performing a key 
management process applicable to each environment by 
transmitting and receiving electronic data after 
performing an encrypting process on the electronic 
data using an individual key unique to an electronic 



data storage device when the device stores the 
electronic data, and after performing an encrypting 
process using a common key applicable to either a 
local environment or a global environment when 
electronic data is transmitted to or received from 
another electronic data storage device. 

Another object of the present invention is to 
provide a method of storing electronic data with the 
security of the electronic data guaranteed by 
transmitting to or receiving from another electronic 
data storage device after re-encrypting using a common 
key the electronic data already encrypted using an 
individual key. 

The electronic data storage apparatus according 
to the present invention includes a key management 
unit for managing an individual key unique to each 
electronic data storage apparatus, and a common key 
shared with other electronic data storage apparatuses; 
and an encryption unit for performing an encrypting 
process using the individual key on the electronic 
data stored in each electronic data storage apparatus, 
and performing an encrypting process using the common 
key or through data verification on the electronic 
data transmitted to or received from other electronic 
data storage apparatuses. 



The key management unit; manages a individual key 
unique to the electronic data storage apparatus to 
which it belongs, and a common key shared with other 
electronic data storage apparatuses. 

The encryption unit performs an encrypting 
process using an individual key on the electronic data 
stored in the electronic data storage apparatus to 
which it belongs, and performs an encrypting process 
or data verification using a common key on the 
electronic data transmitted to and received from other 
electronic data storage apparatuses. 

As described above, an encrypting process can be 
performed using an individual key unique to each 
electronic data storage apparatus on the electronic 
data to be stored in it, and an encrypting process and 
data verification can be performed using a common key 
shared with other electronic data storage apparatuses 
on the electronic data transmitted to and received 
from the apparatuses. 

The common key managed by the key management unit 
can also be a group key shared in a group of a 
plurality of electronic data storage apparatuses. 

At this time, a main electronic data storage 
apparatus exists in a group, and its own encryption 
unit generates an individual key of each of the 



electronic data storage apparatuses in the group using 
its own individual key. The generated individual key 
can be distributed to each electronic data storage 
apparatus, or a group key can be generated and 
distributed. Also, the group key can be generated and 
distributed by associating a key already assigned to 
the main electronic data storage apparatus with an 
externally specified new key. 

Furthermore, there can be an electronic data 
storage and management apparatus for managing each of 
the main electronic data storage apparatuses of 
respective groups. The encryption unit of the 
apparatus can generate an individual key of each of 
the main electronic data storage apparatuses using its 
own individual key, and distribute the generated 
individual key to the main electronic data storage 
apparatuses . 

In addition to the group key, the key management 
unit can also manage a public key as a communications 
key for use in transmitting data to and receiving data 
from an electronic data storage apparatus belonging 
to a group different from the electronic data storage 
apparatus to which it belongs. 

In addition to the individual key and the common 
key, the key management unit can also manage a master 



key common in all electronic data storage apparatuses . 

At this time, using the master key the encryption 
unit of each electronic data storage apparatus can 
generate an individual key by encrypting the 
information identifying the apparatus to which it 
belongs. When a main electronic data storage 
apparatus exists in a group, its encryption unit 
generates a group key by encrypting the information 
identifying the group using the individual key 
generated in the apparatus to which the encryption 
unit belongs, and the generated group key can be 
distributed to each of the electronic data storage 
apparatuses in the group. 

Furthermore, a hierarchical structure in which 
a group of a plurality of electronic data storage 
apparatuses is defined as one hierarchical level is 
designed. In this structure, a key management unit 
can also manage a group key as a common key depending 
on the hierarchical level of the group of the 
electronic data storage apparatus to which the key 
management unit belongs. In a higher order group of 
electronic data storage apparatuses in the 
hierarchical structure, there can be an electronic 
data storage and management apparatus for managing the 
electronic data storage apparatuses in the group 
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immediately below it. The electronic data storage and 
management apparatus can generate a group key 
corresponding to the hierarchical level immediately 
below it using its own individual key, and distribute 
5 the generated group key to the electronic data storage 
apparatuses in the group immediately below the group 
of the electronic data storage and management 
apparatus . 

In the method of storing electronic data 

10 according to the present invention, the electronic 
data is communicated using a common key shared among 
electronic data storage apparatuses, and an encrypting 
process can be performed using the individual key 
unique to each electronic data storage apparatus on 

15 the data to be stored in its own apparatus. 

In the method of storing electronic data 
according to the present invention, a group key can 
be stored as a common key to be shared in a group of 
a plurality of electronic data storage apparatuses. 

20 The electronic data encrypted in the transmitting 
electronic data storage apparatus using an individual 
key unique to the apparatus can be re-encrypted using 
a group key and transmitted to a receiving electronic 
data storage apparatus . The electronic data received 

25 by the receiving electronic data storage apparatus can 



be verified using the group key. If the electronic 
data is correct according to the verification, the 
electronic data can be re-encrypted and stored by the 
receiving apparatus using the individual key unique 
5 to the apparatus. 

In addition, a public key is stored as a common 
key to be shared between a electronic data storage 
apparatus in a group and another electronic data 
storage apparatus in a different group. Between the 

10 above described apparatuses, the transmitting 
apparatus re-encrypts and transmits, using a public 
key, the electronic data encrypted using an individual 
key and stored in the apparatus, verifies the 
electronic data received by the receiving apparatus 

15 using a private key which is a pair to the public key. 

If the data is correct according to the verification, 
then the electronic data can be stored after being re- 
encrypted using the individual key unique to the 
receiving electronic data storage apparatus. 

20 A computer-readable storage medium used in the 

electronic data storage apparatus according to the 
present invention can store a program having the 
function of verifying the electronic data stored in 
the electronic data storage apparatus using an 

25 individual key unique to the apparatus; and the 
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function of transmitting the electronic data after re- 
encrypting it using a common key shared with a 
receiving apparatus if the data is correct according 
to the verification. 
5 A computer -readable storage medium used in the 

electronic data storage apparatus according to the 
present invention can store a program having the 
function of verifying externally received electronic 
data using a common key shared with a transmitting 
10 apparatus; and the function of storing the electronic 
data after re-encrypting it using the individual key 
unique to the receiving apparatus if the data is 
correct according to the verification. 

15 Brief Description of the Drawings 

The features and advantages of the present 
invention will be more clearly appreciated from the 
following description taken in conjunction with the 
accompanying drawings in which like elements are 
20 denoted by like reference numerals and in which: 

FIG. 1 is a block diagram of the configuration 
showing the principle of the present invention; 

FIG. 2 is a block diagram of the configuration 
of the electronic data storage apparatus according to 
25 the first embodiment of the present invention; 
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FIG. 3 is a flowchart of the entire process of 
the electronic data storage apparatus according to the 
first embodiment of the present invention; 

FIG. 4 is a flowchart of the process of 
5 transmitting and receiving data between electronic 
data storage apparatuses belonging to the same group; 

FIG. 5 is a flowchart of the process of 
transmitting and receiving data between electronic 
data storage apparatuses belonging to different 
10 groups; 

FIG. 6 is a flowchart of the process of storing 
electronic data when an individual key is 
preliminarily assigned; 

FIG. 7 is a flowchart of the process of managing 
15 an individual key of the electronic data storage 
apparatus by a group master; 

FIG. 8 is a flowchart of the process of 
generating an individual key with two keys associated 
with each other; 
20 FIG. 9 is a flowchart of managing a group key by 

a group master; 

FIG. 10 is a flowchart of the process of 
generating a group key with two keys associated with 
each other; 

25 FIG. 11 is a block diagram of the configuration 
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of the electronic data storage apparatus according to 
the second embodiment of the present invention; 

FIG. 12 is a flowchart of the process of 
generating an individual key using a master key 
5 according to the second embodiment of the present 
invention; 

FIG. 13 is a flowchart of the process of 

generating a group key according to the second 

embodiment of the present invention; 
10 FIG. 14 is a flowchart of the process of 

generating an individual key of a group master by a 

group management and electronic data storage 

apparatus ; 

FIG. 15 shows the hierarchy of groups; 
15 FIG. 16 shows the communications of the 

electronic data storage apparatuses between a higher 

order group and a lower order group; 

FIG. 17 is a flowchart of the process of 

transmitting data from a storage apparatus in a higher 
20 order group to a storage apparatus in a lower order 

group; 

FIG. 18 is a flowchart of the process of 
transmitting data from a storage apparatus in a lower 
order group to a storage apparatus in a higher order 
25 group; 
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FIG. 19 shows the storage of an electronic 
document using an individual key; 

FIG. 20 shows the process of transmitting and 
receiving data between two storage apparatuses 
5 belonging to the same group; 

FIG. 21 shows the method of computing amendment 
detection information MAC; 

FIG. 22 shows the method of generating a key; 

FIG. 23 shows the generation and the distribution 
10 of a group key; 

FIG. 24 shows the method of managing the entire 
system through group management SA when there are a 
plurality of groups each comprising a plurality of 
SAs ; and 

15 FIG. 25 shows the loading of a program onto the 

computer for realizing the electronic data storage 
apparatus according to the present invention. 

Description of the Preferred Embodiments 

20 FIG. 1 is a block diagram of the configuration 

showing the principle of the present invention. An 
electronic data storage apparatus 1 shown in FIG. 1 
encrypts electronic data using an individual key 
unique to the apparatus, stores the data, and 

25 transmits and receives data using a common key 
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applicable to a local environment: or a global 
environment when an electronic data storage apparatus 
transmits or receives data between another electronic 
data storage apparatus. 
5 In FIG. 1, a key management unit 2 manages an 

individual key unique to the electronic data storage 
apparatus to which the unit belongs and a common key 
shared between the apparatus and another electronic 
data storage apparatus. 

10 An encryption unit 3 performs an encrypting 

process using an individual key on the electronic data 
stored in the apparatus to which the unit belongs, and 
performs an encrypting process or data verification 
using a common key on the electronic data transmitted 

15 to and received from another electronic data storage 
apparatus . 

As described above, according to the present 
invention, an encrypting process is performed on the 
electronic data to be stored in each apparatus using 

20 an individual key unique to the apparatus, and 
performs an encrypting process and verification on the 
electronic data transmitted to or received from 
another electronic data storage apparatus using a 
common key shared between the two apparatuses. 

25 FIG. 2 is a block diagram of the configuration 
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of the electronic data storage apparatus with a key 
management function according to the first embodiment 
of the present invention. In the first embodiment of 
the present invention, an electronic data storage 
5 apparatus 10 stores three types of key, that is, an 
individual key, a group key, and a public key. 

In FIG. 2, a control unit 11 controls the entire 
operation of the system. A key management unit 12 
manages a key stored in the electronic data storage 

10 apparatus 10, and an encryption unit 13 generates a 
key, encrypts electronic data, and verifies the 
electronic data as necessary. 

An individual key storage unit 14 stores an 
individual key unique to the electronic data storage 

15 apparatus 10 to which the unit belongs. A group key 
storage unit 15 stores a group key as a common key in 
a group of a plurality of electronic data storage 
apparatuses 10. A public key storage unit 16 stores 
a public key to be used when electronic data is 

20 transmitted to or received from an electronic data 
storage apparatus 10 belonging to another group. 

The electronic data storage apparatus 10 further 
comprises a data storage unit 17 for storing 
electronic data, and a communications unit 18 for 

25 transmitting and receiving electronic data to and from 
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another electronic data storage apparatus. The 
communications unit 18 is connected to a network. 

FIG. 3 is a flowchart of the entire process of 
the electronic data storage apparatus according to the 
5 first embodiment of the present invention. In FIG. 
3, when electronic data is input or, for example, an 
instruction to transmit electronic data is input in 
step SI, it is determined in step S2 whether or not 
the data is to be stored in the electronic data 

10 storage apparatus. The instruction to transmit data 
input in step SI is provided from the user of the 
storage apparatus or an application through, for 
example, a network. 

When data is to be stored, an individual key 

15 stored by the individual key storage unit 14 is 
selected by the key management unit 12 in step S3, and 
an encrypting process is performed on the electronic 
data by the encryption unit 13 using the individual 
key in step S4. In step S5, the data storage unit 17 

20 stores the data, thereby terminating the process. 

If data is not to be stored in step S2, it is 
determined in step S6 whether or not the instruction 
received in step SI indicates the transmission and 
reception of data between electronic data storage 

25 apparatuses in the same group. If yes, the key 
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management unit 12 selects a group key stored by the 
group key storage unit 15 in step S7, the encryption 
unit 13 performs an encrypting process using a group 
key in step S8, and the communications unit 18 
5 transmits electronic data in step S9, thereby 
terminating the process. 

If it is determined in step S6 that data is not 
transmitted or received in the same group, it is 
further determined in step Sll whether or not data is 

10 to be transmitted or received between electronic data 
storage apparatuses belonging to different groups. 
If not, the process terminates without proceeding with 
the process. If yes, the key management unit 12 
selects a public key from the public key storage unit 

15 16 in step SI 2, an encrypting process is performed 
using a public key in step S8, data is transmitted in 
step S9, thereby terminating the process. 

FIG. 4 is a flowchart showing the details of the 
intra-group data transmission and reception process 

20 shown in FIG. 3. In FIG. 4, when an intra-group 
communications instruction is provided for the 
transmitting electronic data storage apparatus in step 
SI 5, data to be transmitted from the data storage unit 
17 is selected in step S16, the key management unit 

25 12 selects an individual key stored by the individual 
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key storage unit 14 in step S17, and the encryption 
unit 13 decrypts the electronic data and verifies the 
contents of the data using the individual key in step 
S18. The process performed by the encryption unit 13 
5 is described later in detail. 

If it is determined as a result of the 
verification of the electronic data that the 
electronic data has not been amended, then the key 
management unit 12 selects a group key stored in the 

10 group key storage unit 15 in step S19, the encryption 
unit 13 encrypts the electronic data using the group 
key in step S20, and the communications unit 18 
transmits the data to the receiving electronic data 
storage apparatus in step S21. 

15 In the receiving electronic data storage 

apparatus, the communications unit 18 receives data 
in step S24, the key management unit 12 selects a 
group key stored by the group key storage unit 15 in 
step S25, and the encryption unit 13 decrypts the 

20 electronic data and verifies the contents of the data 
using the group key in step S26. 

If it is determined as a result of the 
verification that the electronic data has not been 
amended, then the key management unit 12 selects an 

25 individual key stored by the individual key storage 
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unit 14 in step S27, the encryption unit 13 encrypts 
the electronic data using the individual key in step 
S28, and the data storage unit 17 stores the data in 
step S29, thereby terminating the process. 
5 FIG. 5 is a flowchart of the process of 

transmitting and receiving data between electronic 
data storage apparatuses belonging to different 
groups. Described below are the portions different 
from those in the flowchart of the process of 

10 transmitting and receiving data between electronic 
data storage apparatuses in the same group as shown 
in FIG. 4. First, a transmitting electronic data 
storage apparatus receives an instruction to 
communicate with an electronic data storage apparatus 

15 belonging to a different group in step S31, and a 
process in steps S16 through S18 is performed 
similarly as in FIG. 4. Then, the key management unit 
12 selects a public key stored by the public key 
storage unit 16 in step S32, an encrypting process is 

20 performed using the public key in step S33, and the 
result is transmitted to the receiving electronic data 
storage apparatus in step S21 . 

In the receiving electronic data storage 
apparatus, the key management unit 12 selects a 

25 private key which is a pair to a public key stored in 
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the public key storage unit 16 in step S36 after 
receiving data in step S24, and the encryption unit 
13 decrypts the data and verifies the contents of the 
data using the public key encryption algorithm in step 
5 S37. 

If it is verified that no amendments have been 
made to the electronic data, then the process in steps 
S27 through S29 is performed similarly as in FIG. 4, 
thereby terminating the process. In this case, an 

10 electronic document can be processed in a common 
method such as PEM (privacy enhanced mail) through 
which an electronic signature is transmitted using a 
private key from the transmitting apparatus and 
simultaneously a document encrypted using a public key 

15 is transmitted from the receiving apparatus. 

Otherwise, communications can also be established by 
temporarily sharing a session key based on the D-H 
(Dif f ie-Hellman system) in addition to the public keys 
of the transmitting apparatus and the receiving 

20 apparatus . 

The PEM is an electronic mail system with 
enhanced security which is proposed as a preferred 
standard for the Internet. In the PEM, the DES (data 
encryption standard) process is used in encrypting a 

25 document. The PEM has the feature that a destination 
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can be authenticated. 

The D-H method is a public key distribution 
method suggested by Diffie and Hellman, and has the 
feature of secretly sharing a key between two parties . 
5 As described by referring to FIGs. 4 and 5, when 

data is transmitted and received between electronic 
data storage apparatuses in the same or different 
groups, the data stored after being encrypted using 
an individual key by the transmitting apparatus is 

10 transmitted after being re-encrypted using a group key 
for the same group, and using a public key for 
different groups. In the receiving apparatus, data 
is verified using a group key for the same group, and 
using a public key for different groups, and is then 

15 stored after being re-encrypted using an individual 
key. As a result, for example, although there is the 
possibility that a group key is disclosed, the 
electronic data stored in each electronic data storage 
apparatus can be secured. 

20 The flowchart of generating and managing a key 

stored by each electronic data storage apparatus is 
described below by referring to FIGs. 6 through 10. 
FIG. 6 is a flowchart of the data storing process 
performed when an individual key of each electronic 

25 data storage apparatus is preliminarily assigned. A 



22 

key preliminarily assigned to an electronic data 
storage apparatus refers to, for example, a key 
assigned to each apparatus when the electronic data 
storage apparatus is delivered for sale from a 
5 factory. Since the key is managed by its maker, it 
is called a maker key. 

In FIG. 6, an electronic data storage apparatus 
having the function of managing a key is generated by 
its maker in step S40 at the delivery from the 

10 factory, and the maker generates a maker key for the 
electronic data storage apparatus in step S41. In 
step S42, the electronic data storage apparatus is 
delivered after the maker key is set in the individual 
key storage unit 14. The maker key is managed by the 

15 maker together with the identification information 
about the electronic data storage apparatus, for 
example, its ID. 

When the electronic data storage apparatus is 
used, electronic data is received in step S44, the key 

20 management unit 12 selects the maker key stored by the 
individual key storage unit 14 in step S45, the 
encryption unit 13 encrypts electronic data using the 
maker key in step S46, and the data storage unit 17 
stores the data in step S47, thereby terminating the 

25 process. 
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Thus, by using a maker key managed by the maker 
as an individual key of an electronic data storage 
apparatus, it is not necessary for a user to manage 
a key. In addition, the disclosure of the key can be 
5 minimized on the user side. Although the encryption 
unit 13 of the electronic data storage apparatus on 
the user side has become out of order, the data in the 
electronic data storage apparatus can be reconstructed 
using the maker key managed by the maker. 

10 FIG. 7 is a flowchart of the process of managing 

an individual key of an electronic data storage 
apparatus by a main electronic data storage apparatus 
in a group, for example, a group master. When the 
process starts as shown in FIG. 7, a main electronic 

15 data storage apparatus, for example, a group master 
is determined in a group of a plurality of electronic 
data storage apparatuses in step S50. In step S51, 
an individual key of each electronic data storage 
apparatus belonging to the group is generated using 

20 the key of the group master. In step S52, the 
individual key of each electronic data storage 
apparatus generated by the group master is 
distributed. In step S53, each electronic data 
storage apparatus sets the distributed key in its 

25 individual key storage unit 14, thereby terminating 
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the process. The method of the group master 
generating each individual key and distributing the 
key is described later. 

FIG. 8 is a flowchart of the process of 
5 generating an individual key with two keys associated 
with each other. The two keys refer to, for example, 
a key preliminarily assigned to an electronic data 
storage apparatus, and a newly specified key. The 
preliminarily assigned key is, for example, the above 

10 described maker key. The newly specified key is set 
by a manager who uses the electronic data storage 
apparatus, and is referred to as a manager key. 
Unlike a user, a manager can also sets an individual 
key and a group key. The user can only store, refer 

15 to, and transfer electronic data. 

In FIG. 8, when an instruction to generate a new 
individual key is issued by a manager in step S55, the 
manager specifies a manager key in step S56, and an 
individual key is generated with the above described 

20 maker key associated with the manager key by the 
encryption unit 13 in step S57. In step S58, the key 
management unit 12 sets the generated individual key 
in the individual key storage unit 14, thereby 
terminating the process. The process of generating 

25 an individual key with a maker key associated with a 
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manager key is described later. 

Thus, by associating a maker key with a manager 
key when an individual key of an electronic data 
storage apparatus is generated, a manager can manage 
electronic data storage apparatuses depending on a 
change in organization, settings of a group, an 
environment, and an operation mode. Furthermore, when 
an encryption unit becomes out of order, the maker can 
reconstruct and verify data as described above. 

FIG. 9 is a flowchart of managing a group key by 
a group master. A group key is used in transmitting 
and receiving electronic data in a group as described 
above. The flowchart shown in FIG. 9 is the same as 
the flowchart of the process of managing an individual 
key by a group master shown in FIG. 7. 

That is, after determining a group master in step 
S60, a group key is generated by the group master in 
step S61. In step S62, the group key is distributed 
to the electronic data storage apparatuses in the 
group. In step S63, each electronic data storage 
apparatus sets the distributed group key in its own 
group key storage unit 15, thereby terminating the 
process . 

FIG. 10 is a flowchart of the process of 
generating a group key with two keys associated with 
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each other as in FIG. 8 in which two keys refer to a 
maker key and a manager key. 

The first two steps in FIG. 10 are the same as 
those in FIG. 8. Then, in step S66, the encryption 
5 unit 13 generates a group key with a maker key 
associated with a manager key. In step S67, the key 
management unit 12 sets a group key in the group key 
storage unit 15. In step S68, the group key is 
distributed to the electronic data storage apparatuses 
10 belonging to the group, thereby terminating the 
process. The process according to the flowchart is 
performed by, for example, the above described group 
master. 

FIG. 11 is a block diagram of the configuration 
15 of the electronic data storage apparatus according to 
the second embodiment of the present invention. As 
compared with the configuration according to the first 
embodiment shown in FIG. 2, an master key storage unit 
20 for storing a master key which is a common key 
20 shared by all electronic data storage apparatuses is 
the only difference from the configuration according 
to the first embodiment. 

FIG. 12 is a flowchart of the process of 
generating an individual key using a master key 
25 according to the second embodiment of the present 
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invention. In FIG. 12, when an instruction to 
generate an individual key is received in step S70, 
the identification information about each electronic 
data storage apparatus, for example, an ID of the 
5 electronic data storage apparatus, is obtained by the 
control unit 11 in step S71, and a master key stored 
in the master key storage unit 20 is obtained by the 
key management unit 12 in step S72. In step S73, the 
encryption unit 13 encrypts the electronic data 

10 storage apparatus identification information using the 
master key, and an individual key is generated. The 
encrypting process is described later. Then, in step 
S74, the key management unit 12 sets the generated 
individual key in the individual key storage unit 14, 

15 thereby terminating the process. 

Thus, an individual key can be automatically 
generated by each electronic data storage apparatus 
by each apparatus generating each individual key using 
the master key shared by all electronic data storage 

20 apparatuses. In addition, a maker of electronic data 
storage apparatuses can verify and reconstruct the 
stored data by referring to the identification 
information about each electronic data storage 
apparatus when, for example, its encryption unit 

25 becomes out of order. 
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FIG. 13 is a flowchart of the process of 
generating and distributing a group key according to 
the second embodiment of the present invention. In 
this process, no master keys are used, and the similar 
5 process can be performed according to the first 
embodiment of the present invention. 

When an instruction to generate a group key is 
issued to a group master in step S75 shown in FIG. 13, 
the control unit 11 of the group master obtains group 

10 identification information in step S76. The group 
identification information is an ID for identifying 
the group managed by the group master. In step S77, 
the key management unit 12 selects an individual key 
stored by the individual key storage unit 14, and the 

15 encryption unit 13 generates a group key by encrypting 
the group identification information using the 
individual key in step S78. In step S79, the 
generated group key is distributed from the 
communications unit 18 to the electronic data storage 

20 apparatuses in the group. 

In the electronic data storage apparatus which 
belongs to the group and is managed by the group 
master, the communications unit 18 receives the group 
key in step S80a, and the key management unit 12 sets 

25 the group key in the group key storage unit 15 in step 



29 

S80b, "thereby terminating the process. 

FIG. 14 is a flowchart of the process of 
generating an individual key of a group master by a 
group management and electronic data storage 
5 apparatus. A group management and electronic data 
storage apparatus manages main electronic data storage 
apparatuses in a plurality of groups, that is, manages 
a plurality of group masters. The group management 
and electronic data storage apparatus generates an 

10 individual key for each group master, and distributes 
it to the group master. 

In instruction to generate an individual key of 
a group master is received in step S82. In step S83, 
group identification information is specified for each 

15 of a plurality of groups. In step S84, the key 
management unit 12 selects an individual key stored 
in the individual key storage unit 14. In step S85, 
the encryption unit 13 encrypts each piece of the 
group identification information using the individual 

20 key, and an individual key for each group master is 
generated. In step S86, the individual key is 
distributed to each group master, thereby terminating 
the process. 

Described below is the hierarchy of groups. For 
25 example, in FIG. 3, a plurality of groups of 
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electronic data storage apparatuses are equal to each 
other according to the first and the second 
embodiments of the present invention. FIG. 15 shows 
the case in which a group is designed to form a 
5 hierarchy of higher and lower order groups. 

In FIG. 15, a higher order group manages a lower 
order group to be managed. An electronic data storage 
apparatus ( SA ) belonging to the higher order group 
stores, for example, a higher order group key for the 

10 group to which it belongs, and a lower order group key 
which is a key of the lower order group which it 
manages. On the other hand, an electronic data 
storage apparatus belonging to the lower order group 
stores only the lower group key for the group to which 

15 it belongs. Then, for example, in the higher order 
group, the lower order group master SA for managing 
the lower order electronic data storage apparatuses 
generates a lower order group key and distributes it 
to the electronic data storage apparatuses SA in the 

20 lower order group. The SA is short for a secure 
archiver, and refers to an electronic data storage 
apparatus . 

FIG. 16 shows the communicating method between 
two groups related in a hierarchical structure. The 
25 communications between the SAs in a higher order group 
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are established using a higher order group key whereas 
the communications between the SAs in a lower order 
group are established using a lower order group key. 
The communications between an SA of a higher order 
5 group, for example, an SA 1, and an SA of a lower 
order group, for example, an SA 2, are established 
through a lower order group master SA which is one the 
SAs of the higher order group and manages the SAs of 
the lower order group. The communications between the 

10 lower order group master SA and an SA belonging to the 
lower order group, for example, the SA 2 are 
established using a lower order group key. 

If the lower order group master SA belongs to a 
management unit of an organization, then a 

15 hierarchical group can be realized by the SA of the 
management unit generating, distributing, and managing 
an individual key of an SA or a group key of each 
department, etc. The data stored in each SA can be 
verified by the management unit. 

20 FIG. 17 is a flowchart of the process of 

transmitting data from an SA 1 in a higher order group 
to an SA 2 in a lower order group. When an 
instruction to transfer data from the SA 1 of the 
higher order group to the SA 2 of the lower order 

25 group is issued in step S91 shown in FIG. 17, the key 
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management unit 12 shown in FIG. 2 selects an 
individual key stored in the individual key storage 
unit 14 in step S92, and the encryption unit 13 
decrypts and verifies data using the individual key. 
5 Then, the key management unit 12 selects the higher 
order group key stored in the group key storage unit 
15 in step S94. In step S95, the encryption unit 13 
encrypts the electronic data using the higher order 
group key. In step S96, the encrypted electronic data 

10 is transferred from the communications unit 18 to the 
lower order group master SA. 

In the lower group master SA, the communications 
unit 18 receives the encrypted data in step S97, and 
the key management unit 12 selects the higher order 

15 group key stored in the group key storage unit 15 in 
step S98. In step S99, the encryption unit 13 
decrypts and verifies the electronic data using the 
higher order group key. In step S100, the key 
management unit 12 selects the lower order group key 

20 stored in the group key storage unit 15. In step 
S101, the encryption unit 13 encrypts data using the 
lower order group key. In step S102, the 

communications unit 18 transfers the encrypted data 
to a lower order group SA 2. 

25 In the lower order group SA 2, the communications 
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unit 18 receives the encrypted data in step S103, and 
the key management unit 12 selects the lower order 
group key stored in the group key storage unit 15 in 
step S104. In step S105, the encryption unit 13 
5 decrypts and verifies the electronic data using the 
lower order group key. In step S106, the key 
management unit 12 selects the individual key stored 
in the individual key storage unit 14. In step S107, 
the encryption unit 13 encrypts data using the 

10 individual key. In step S108, the control unit 11 
stores data in the data storage unit 17, thereby 
terminating the process. 

FIG. 18 is a flowchart of the process of 
transmitting data from a lower order group SA 2 to a 

15 higher order group SA 1. The flowchart shows the 
reverse process of the process shown in FIG. 17. That 
is, the data transmitting SA 2 performs the process 
using an individual key and a lower order group key, 
and the lower order group master SA decrypts and 

20 verifies data using a lower order group key, and then 
encrypts the data using a higher order group key. The 
receiving SA 1 performs the process using a higher 
order group key and an individual key. 

In the description of the process shown in FIG. 

25 17, the configuration of the electronic data storage 
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apparatus according to the first embodiment is 
described. However, the processes shown in FIGs. 17 
and 18 are similarly performed in the electronic data 
storage apparatus according to the second embodiment 
5 described by referring to FIG. 2. 

Described below are the methods of storing 
electronic data (electronic documents) using an 
individual key, utilizing a group key in a group, 
generating amendment detection information (message 

10 authentication code (MAC)) for the electronic data, 
generating a key, etc. 

FIG. 19 shows the method of storing an electronic 
document using an individual key. In FIG. 19, when 
an instruction to store an electronic document is 

15 issued to an electronic data storage apparatus, a MAC 
is generated using the individual key and the 
electronic document, and the MAC and the electronic 
document are stored . 

FIG. 20 shows the process of transmitting and 

20 receiving data between two electronic data storage 
apparatuses belonging to the same group. In FIG. 20, 
the transmitting electronic data storage apparatus A 
re-computes the MAC, verifies an electronic document, 
computes the MAC corresponding to a group key and the 

25 electronic document, and transmits the MAC and the 



35 

electronic document to the electronic data storage 
apparatus B. 

Then, the electronic data storage apparatus B 
receives the MAC and the electronic document, verifies 
5 the contents of the MAC using the group key, computes 
the MAC corresponding to the individual key and the 
electronic document if the verification result is 
correct, and stores the computed MAC and the 
electronic document. 

10 FIG. 21 shows the method of computing amendment 

detection information MAC for electronic data 
described by referring to FIGs. 19 and 20. In 
computing the MAC, the DES (data encryption standard) 
adopted by the US Standard Institute for use in 

15 encrypting electronic data is used. In this 

encrypting method, the encrypting/decrypting process 
can be performed by one LSI . 

In FIG. 21, the original data is divided into 64- 
bit blocks Ml, M2, Mn. The DES process is 

20 performed on the first 64-bit block Ml using a key, 
for example, an individual key. An exclusive logical 
sum of the resultant 64-bit data and the next 64-bit 
block M2 is obtained. 

Then, the DES process is performed again on the 

25 result using, for example, an individual key, and a 
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64-bit result is obtained. The similar process is 
continued. Among the resultant 64-bit results, the 
higher order 32 bits are obtained as the amendment 
detection information MAC. The computation of the 
5 amendment detection information MAC is not limited to 
the above described method, but can be obtained using 
other algorithms . 

FIG. 22 shows a common method of generating a 
key. In FIG. 22, for example, when the above 

10 described group master generates and distributes an 
individual key of an electronic data storage apparatus 
belonging to its group, the DES process is performed 
using the information identifying each electronic data 
storage apparatus, for example, an ID and an 

15 individual key of the group master as a seed key. An 
individual key corresponding to each storage apparatus 
can be generated and distributed as a new key. As 
described above, a new key can be similarly generated 
with two keys, for example, a maker key and a manager 

20 key, associated with each other. 

An individual key can be distributed online using 
a key distributing server or a GKMF (group key 
management frame work ) based on the authentication 
using a public key. A medium such as a floppy disk, 

25 an IC card, etc. can also be used to distribute the 
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key offline. 

The GKMF is performed to set and manage a key by 
assigning a certificate based on the public key 
authentication to each group member. The 
5 authentication using a public key refers to the system 
that two parties authenticate each other by obtaining 
the third party's guarantee (electronic signature) for 
a public key using an authentication station as the 
reliable third party. 

10 FIG. 23 shows the generation and the distribution 

of a group key. In FIG. 23, for example, there are 
two groups 1 and 2, and each group has a group master 
and three subordinate SAs. In FIG. 23, for example, 
a group master first generates a group master key (Gm 

15 key) using its own individual key, an I key, and the 
ID of the electronic data storage apparatus to which 
it belongs, then generates a group key and a G key 
using the Gm key and the ID of the group, and 
distributes the group key to the subordinate SAs. 

20 The group key is stored in the group key storage 

unit in each SA, and managed by a combination of an 
ID and a key for identifying each group. Normally, 
plural combinations of a group key and an ID for 
identifying a group are stored because an SA belongs 

25 to a plurality of groups and it is necessary for a 
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lower order group master SA described by referring to 
FIG. 16 to store a higher order group key and a lower 
order group key. In addition to a combination of a 
group key and an ID, an attribute such as the IP 
5 address, the name of an electronic data storage 
apparatus in a group, etc. can be simultaneously 
managed . 

In FIG. 23, the communications are established 
between the groups 1 and 2 using a session key (S 

10 key). The session key is a private key shared among, 
for example, group masters based on a public key 
certificate. A public key is used for communications 
with a plurality of different groups, managed by a 
plurality of, for example, group masters as with the 

15 case of a group key, and can be stored such that a 
reliable third party can confirm the authentication 
based on a public key certificate indicated by the 
ITU-TX509 of the International Telecommunications 
Union. 

20 FIG. 24 shows the method of managing the entire 

system through group management SA when there are a 
plurality of groups each comprising a plurality of 
SAs. In FIG. 24, there are three groups A, B, and C. 
Each group contains a main electronic data storage 

25 apparatus, that is, a group master. 
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A group management SA (group management and 
electronic data storage apparatus ) manages group 
masters SA of respective groups. For example, as 
shown in FIG. 14, an individual key of a group master 
5 SA is generated and distributed to each group master 
SA. Thus, by providing a group management SA for 
managing a plurality of groups, communications can be 
established with any of a number of groups even 
through a global network such as the Internet, etc. 

10 Finally described by referring to FIG. 25 is the 

process of loading a program for realizing the 
electronic data storage apparatus with a key 
management function according to the present invention 
onto a computer. In FIG. 25, a computer 25 stored in 

15 a secure case comprises a body 26 and memory 27, and 
a program can be loaded onto the body 26 from a secure 
portable storage medium 29. A program can also be 
loaded from a program provider through a network 28. 
Programs for use in performing various processes 

20 in the electronic data storage apparatus within the 
scope of the claims of the present invention, programs 
for transmitting and receiving data between electronic 
data storage apparatuses, and programs shown in each 
flowchart are stored in, for example, a secure memory 

25 27, and executed by the body 26. The secure memory 
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27 can be a hard disk, etc. 

Programs for use in transmitting and receiving 
data between electronic data storage apparatuses are 
stored in the secure portable storage medium 29, 
5 loaded onto the secure computer 25, thereby 
establishing communications. The secure portable 
storage medium 29 can be a secure memory card, floppy 
disk, CD/ROM, optical disk, magneto-optical disk, etc. 
Furthermore, programs for establishing data 
10 communications can realize the data communications by 
being loaded after transmitted to the computer 25 in 
a secure case from a program provider through the 
network 28. 

The embodiments of the present invention have 
15 been described above in detail. However, the present 
invention is not limited to the above descriptions. 
It is obvious that the present invention can be 
represented by various other embodiments within the 
scope of the claims of the invention. 
20 As described above in detail, the electronic data 

storage apparatus has the function of managing a key, 
thereby storing, transmitting, and receiving 
electronic data in any applicable environment with the 
security of important electronic documents guaranteed. 
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What is claimed is: 

1. An electronic data storage apparatus for storing 
electronic data, comprising: 

5 key management means for managing an individual 

key unique to the electronic data storage apparatus 
to which said means belongs, and a common key shared 
with other electronic data storage apparatuses; and 
encryption means for performing an encrypting 

10 process on electronic data stored in the electronic 
data storage apparatus to which said means belongs 
using the individual key, and performing an encrypting 
process using the common key or with data verification 
on electronic data transmitted to or received from 

15 another electronic data storage apparatus. 

2. The apparatus according to claim 1, wherein 
said key management means manages a group key as 

the common key to be shared in a group of a plurality 
20 of electronic data storage apparatuses. 

3. The apparatus according to claim 1, wherein: 

a main electronic data storage apparatus exists 
in the group; 

25 said encryption means of said main electronic 
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data storage apparatus generates an individual key of 
each electronic data storage apparatus in the group 
using an individual key of the apparatus to which said 
means belongs ; and 
5 said generated individual key is distributed to 

each electronic data storage apparatus belonging to 
the group. 

4. The apparatus according to claim 2, wherein: 
10 a main electronic data storage apparatus exists 

in the group; 

said encryption means of said main electronic 

data storage apparatus generates a group key to be 

shared in the group using an individual key of the 
15 apparatus to which said means belongs; and 

said generated group key is distributed to each 

electronic data storage apparatus belonging to the 

group . 

20 5. The apparatus according to claim 2, wherein: 

a main electronic data storage apparatus exists 
in the group; 

said encryption means of said main electronic 
data storage apparatus generates a group key to be 
25 shared in the group with a key preliminarily assigned 
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as the individual key to said main electronic data 
storage apparatus associated with a new key externally 
specified; and 

said generated group key is distributed to each 
5 electronic data storage apparatus belonging to the 
group . 

6. The apparatus according to claim 2, wherein: 

a main electronic data storage apparatus exists 
10 in the group, and an electronic data storage and 
management apparatus for managing respective main 
electronic data storage apparatuses in a plurality of 
groups exists; 

said encryption means of said electronic data 
15 storage and management apparatus generates an 
individual key of each of said main electronic data 
storage apparatuses using an individual key of the 
apparatus to which said means belongs; and 

said generated individual key is distributed to 
20 each of said main electronic data storage apparatuses. 

7. The apparatus according to claim 2, wherein 
said key management means manages, in addition 

to said group key as the common key, a public key for 
25 use in transmitting electronic data to and receiving 
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it from an electronic data storage apparatus belonging 
to a group different from a group of the electronic 
data storage apparatus to which said means belongs. 

5 8 . The apparatus according to claim 1 , wherein 

said individual key is preliminarily assigned to 
each electronic data storage apparatus before use of 
the apparatus. 

10 9. The apparatus according to claim 1, wherein: 

said encryption means generates the individual 

key with a key preliminarily set before use of the 

apparatus to which said means belongs with a new 

externally specified key; and 
15 said key management means manages the generated 

individual key. 

10. The apparatus according to claim 1, wherein 
said key management means manages, in addition 

20 to the individual key and the common key, a master key 
to be shared by all electronic data storage 
apparatuses. 

11. The apparatus according to claim 10, wherein: 
25 said encryption means generates the individual 
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key by encrypting information identifying the 
apparatus to which said means belongs using the master 
key ; and 

said key management means manages the generated 
5 individual key. 

12. The apparatus according to claim 11, wherein: 

a main electronic data storage apparatus exists 
in a group of a plurality of electronic data storage 

10 apparatuses; 

said encryption means of said main electronic 
data storage apparatus generates a group key as the 
common key by encrypting information identifying the 
group using the generated individual key; and 

15 said generated group key is distributed to each 

electronic data storage apparatus belonging to the 
group. 

13. The apparatus according to claim 1, wherein: 

20 a hierarchical structure of electronic data 

storage apparatuses is designed as having a group of 
a plurality of electronic data storage apparatuses as 
one hierarchical level; and 

said key management means manages a group key as 

25 the common key depending on a hierarchical level of 
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a group corrtaining the electronic data storage 
apparatus to which said means belongs. 



14. The apparatus according to claim 13, wherein: 

5 in the hierarchical structure of the electronic 

data storage apparatuses, an electronic data storage 
and management apparatus for managing electronic data 
storage apparatuses in a lower order group exists in 
a group at one level higher than the lower order 
10 group; 

said encryption means of said electronic data 
storage and management apparatus generates a group key 
for the lower order group using the individual key of 
the apparatus to which said means belongs; and 
15 said generated group key is distributed to the 

electronic data storage apparatuses in the group at 
one level lower . 

15. A method of managing electronic data in an 
20 electronic data storage apparatus in a hierarchical 

structure having a group of a plurality of electronic 
data storage apparatuses as one hierarchical level, 
comprising the steps of: 

a transmitting electronic data storage apparatus 
25 in one hierarchical level of the hierarchical 
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structure re-encrypting data, encrypted using an 
individual key which is unique to and stored in the 
apparatus, using a higher order group key 
corresponding to the hierarchical level, and 
5 transmitting the re-encrypted data to an electronic 
data storage and management apparatus for managing the 
electronic data storage apparatuses in a group at one 
hierarchical level lower; 

said electronic data storage and management 

10 apparatus for managing a lower group of electronic 
data storage apparatuses verifying the received data 
using the higher order group key; 

re-encrypting the electronic data using the lower 
order group key corresponding to one hierarchical 

15 level lower if the electronic data is correct as a 
result of the verification, and transmitting the data 
to a receiving electronic data storage apparatus in 
the group at one level lower; 

said receiving electronic data storage apparatus 

20 verifying received data using the lower order group 
key; and 

re-encrypting and storing received data using an 
individual key unique to the apparatus if the 
electronic data is correct as a result of the 
25 verification. 
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16. A method of managing electronic data in an 
electronic data storage apparatus in a hierarchical 
structure having a group of a plurality of electronic 
data storage apparatuses as one hierarchical level, 
5 comprising the steps of: 

a transmitting electronic data storage apparatus 
in one hierarchical level of the hierarchical 
structure re-encrypting data, encrypted using an 
individual key which is unique to and stored in the 

10 apparatus, using a lower order group key corresponding 
to the hierarchical level, and transmitting the re- 
encrypted data to a lower order group electronic data 
storage and management apparatus for managing the 
electronic data storage apparatuses in the group; 

15 said electronic data storage and management 

apparatus for managing a lower group of electronic 
data storage apparatuses verifying the received data 
using the lower order group key; 

re-encrypting the electronic data using the 

20 higher order group key corresponding to one 
hierarchical level higher if the electronic data is 
correct as a result of the verification, and 
transmitting the data to a receiving electronic data 
storage apparatus in the group at one level higher; 

25 said receiving electronic data storage apparatus 
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verifying received data using the higher order group 
key; and 

re-encrypting and storing received data using an 
individual key unique to the apparatus if the 
5 electronic data is correct as a result of the 
verification. 

17. A method of storing electronic data in an 
electronic data storage apparatus for storing the 

10 electronic data, comprising the steps of: 

communicating electronic data using a common key 
shared with other electronic data storage apparatuses; 
and 

performing an encrypting process using an 
15 individual key unique to an electronic data storage 
apparatus on data to be stored in the electronic data 
storage apparatus. 

18. The method according to claim 17, wherein 

20 said electronic data storage apparatus stores as 

the common key a group key shared in one group of a 
plurality of electronic data storage apparatuses; 

a transmitting electronic data storage apparatus 
transmits electronic data after re-encrypting using 

25 the group key the data stored in the apparatus and 
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encrypted using the individual key; 

a receiving electronic data storage apparatus 
verifies the received electronic data using the group 
key; and 

5 when the electronic data is correct according to 

a result of the verification, said electronic data is 
re-encrypted using the individual key and stored. 

19. The method according to claim 17, wherein 
10 said electronic data storage apparatus belonging 

to a group of electronic data storage apparatuses 
stores as the common key a public key of an electronic 
data storage apparatus belonging to another group of 
a plurality of electronic data storage apparatuses; 
15 a transmitting electronic data storage apparatus 

transmits electronic data after re-encrypting using 
the public key the data stored in the apparatus and 
encrypted using the individual key; 

a receiving electronic data storage apparatus 
20 verifies the received electronic data using a private 
key which is a pair to the public key; and 

when the electronic data is correct according to 
a result of the verification, said electronic data is 
re-encrypted using the individual key and stored. 
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20. A computer -readable storage medium used in an 
electronic data storage apparatus and storing a 
program to direct a computer to execute the steps of: 

verifying stored electronic data using an 
individual key unique to the electronic data storage 
apparatus; and 

transmitting the electronic data to a receiving 
apparatus after re-encrypting the electronic data 
using a common key shared with the receiving apparatus 
when a result of the verification is correct. 

21 . A computer-readable storage medium used in an 
electronic data storage apparatus and storing a 
program to direct a computer to execute the steps of: 

verifying externally received electronic data 
using a common key shared with a transmitting 
apparatus of the electronic data; and 

re _ encr ypting the electronic data using an 
individual key unique to the electronic data storage 
apparatus and storing the data when a result of the 
verification is correct. 
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Abstract of the Disclosure 



A storage apparatus includes a key management 
unit for managing an individual key unique to the 
5 apparatus and a common key shared with other storage 
apparatuses, and an encryption unit for performing an 
encrypting process or verifying data for performing 
the encrypting process on electronic data stored in 
the apparatus to which the unit belongs using the 

10 individual key, and performing the encrypting process 
or verifying the data on the electronic data 
transmitted to or received from another apparatus 
using the common key. Thus, the apparatus 

communicates data using an applicable common key in 

15 a local environment and a global environment, 
appropriately manages a key in each environment, and 
guarantees the security of the electronic data. 
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SPECIFYING GROUP IDENTIFICATION INFORMATION | 
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KEY MANAGEMENT UNIT SELECTS INDIVIDUAL KEY 
IN INDIVIDUAL KEY STORAGE UNIT 



r 



ENCRYPTION UNIT GENERATES INDIVIDUAL KEY OF 

MAIN STORAGE APPARATUS IN GROUP BY 
ENCRYPTING GROUP IDENTIFICATION INFORMATION 
USING INDIVIDUAL KEY 
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DISTRIBUTING INDIVIDUAL KEY TO MAIN STORAGE / 
APPARATUS IN GROUP V 
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END 



FIG. 14 



HIGHER ORDER GROUP 




FIG. 15 




CO 

ill 
a 



<D 

0 
CO 



CM 

C\J 



CD 



Q 



PTO/SBSIOSfMe) 
Approve far UMlhrooghWaVSe. OMBOSSlIoott 
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Undsrtrw Paperwork Reduction Act oM90fr^ V»d OMB eonMlwmbT. 
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Japanese Language Declaration 



T^^flfflfiLT. ft}±riTWli»3l:^L-i-f. Asabetowiianv^HiventorJharebydecIa! 'hat: 

a<D&/*r. Elf»±Tie»a»ft*»fcfce^£«X My residence, post office address and citizenship arc as stated 

fc&9-C-J-. next to my name. 

TSK»*>#a*mKiSSl,X:tt*t5mK.1»imZh.. *mH0 I befievel am the original, fret and sola bw«iitor (IT only one name 

LTV>«*«Ci»»COVxr. &2 5 ftiW>"0»f— COfcffl*- (T isftsted below) or an original, first and Joint inventor (K plural 

JE»ft*# — 3<0«£) tL<H*SI4"OftW*lfl1f-Cfc5 names are listed below) of the subject matter which is daimadand 

4 (TIBO*!*^!***?*^) flTCTV**i-. foe whfch ■ patent ie sought on the invention entKJed 

ELECTRONIC DATA STORAGE APPARATUS WITH 



KEY MANAGEMENT FUNCTION AND ELECTRONIC 
DATA STORAGE METHOD 



kKftWalfl&rtf (TS!««t?xgi^<JHrVMtW^li^l±. the specification of which i« attached hereto unless the foHowino 



□ _H_Hfc*Hi*n. *HMIH#*ifctt*irttJ£#ett □ was«edon_ 
HUftmW***: iU ae United Wa* 



fitt. a^BIU'JffiWrSa 7«Jr51*.S 6Jfl»CJE»$na t i acknowledge the duty to diecloee Infomwrtion which is niatertet to 
*S»). «^K>*»-ri*»COV>rfiR)ttt*4:BB'r+5a[S5* : patentability as defined in Title 37. Code of Federal Regulations, 

Section iM. 



Pa*e I of -4 

Burden Hour Statement: ThU ta » esttm«t«l to take 0.4 tumn to complete. Tun* wUI v«ry depeadinr upon dw need* of the la 
•mount of time you are required to complete Btii form should he sent to the Chief IntbroMtkin Officer. Patent and Trademark Office. Washington, DC 20231. DO NOT 
SENO FEES OR COMPLETED FORMS TO THIS ADDRESS. SEND TO: C«>mmi««ionrr of Patents and Trademarks. Washington. DC 2023 1 . 
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(b) tffcJfc-frTttO. * WGl*»W<D#fe< £ <,-*W*«f 

y?L-ci»srfiFi«^**5 3 6 5 (m)m^x-r<mmm». x 

Prior Foreign Application^) 



(Number) 



(Country) 



(Number) 



(Country) 



ft. t. * 3 5 «*H8:* 1 1 9 * (e) «IC*V»TT3EW* 



(Application No.) 
(Hi****) 



(Filing Date) 
(W«S0) 



fttt. TS<J*>*GHi£#*3 5*31 2 0*fcat^TTJ5«* 

t8^j*W3 6S *(c) * 
fc. *f«W««-ff*Effl«^#i« s *lS^* 3 5*112* 
«l*XI*1»llFia/J*«tf<ttES*t.fc*»-C*frt-**H1t 
ftH}«KBH* S Kt v»* V^R 9 . •t<D*fT*BaW»f*«rK B 

TOXBW«PKX*5*vfc. ***WrS*»3 7»l*Se# 



(Application No.) 
(HUHS*) 



(Application No.) 



(Fifing Date) 
(HUBR) 



(FiHng Oate) 
(tHW0) 



I hereby cUen foreign priority under TWe »«, United State* Code. 
Section 11* (eHd| or «*<*>> of any foreion application^) for patent 
or Inventor** certificate, or 366(e) of any PCT Internationai 
application which designated at least one country other than the 
United States, Hsted below and have also Identified below, by 
checking the box, any foreign application for patent or inventor's 
certificate, or PCT International application having a filing date 
before that of the application on which priority is claimed. 

Priority Not Claimed 

1 8th/December/1 998 L 



(Day/Month/Year Filed) 
<fflH*MB) 



(Day/Month/Year Filed) 
(HJM^tO 



I hereby claim the benefit under Title 38. United States Code. 
Section 119(e) of any United States provisional application^) Mated 



(Application No.) 



(Filing Date) 
(rHKB) 



I hereby claim the benefit under Title J*. United States Code. 
Section 120 of any United States application^), or MS(c) of any 
PCT International application designating the United States, fsted 
below and, insofar as the subject matter of each of the claims of 
this application Is not disclosed In the prior United States or PCT 
International eppfication ki the manner provided by the first 
paragraph of Title 3S, United States Code Section 112, t 
acknowledge the duty to disclose information which Is material lo 
patentability as defined In Tide ST. Code of Federal f^uujrJont, 
Section iM which became available between the filing date of the 
prior application and the national of PCT International Mng date of 



(Status: Patented, Pending. Abandoned) 
(»« : tfttim*. amm 

(Status: Patented. Pending. Abandoned) 
(UK : IWWTO*. 



fttt. &fl*W*n»»Cati'V^T*I»***-C«.^TT<ti* 



I hereby declare that 
knowledge are true and that *l t 
and belief are believed to be true: i 
i made with the 

Ike so made are | 
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*fM* : mtTKnftW* t Lt. *r r 1MCH1'«— POWER OF ATTORNEY: A« « "am*! Inventor, I hereby appoint 
^SE*«r***»i««JSSK*rtTi»ltf-f«#a±*fc»±«:aA the fcMowtag attomey(s| and/or agentfs} to prosecute thi« 
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A*>Ec*&U r K&§*fc'flJEtf3w£} Omc« connected therewith (Ifct rwme and r*gHtnHon number) 

James D. Halsey. Jr.. 22.729: Harry John Staas. 22.010; David M. Pitcher. 25.908: John C. Garvey. 28.607:J. Randall Beckers. 

30.358: William F. Herbert. 31.024: Richard A. Golthofer. 31.106: Mark J. Henry, 36.162; Gene M. Garner II. 34,172: Michael D. 

Stein. 37.240; Paul I. Kravetz. 35.230: Gerald P. Joyce. 111. 37.648; Todd E. Marlette. 35.269; Harlan B. Williams. Jr.. 34.756: 
George N. Stevens, 36,938; Michael C. Soldner. 4 1.455; Norman L. Ourada, 41.235; Kevin R. Spivak, P-43. 148; and William M. 
Schertler. 35,348 (agent) 



Washington, D.C. 20001 



: <**r&tf*S#*) °*» ct Telephone Cafe to: (nam. andtefrpAone «,moer) 







Fu» name of sole or first inventor 

Yasutsugu KURODA 






Rtt 


Inventor's signature 


May* 17, 1999 




ear 


Residence (7 

Kanagawa, Japan 






mn 


Crttzenshlp 

Japan 






wit 


Post Office Address 

c/o FUJITSU LIMITED, 


1 -1 , Kamikodanakc 




4-chome, Nakahara-Ku, Kawasaki-sni, 
Kanagawa 211-8588, Japan 






Ft* name of second Joint Inventor, If any 

Jun KAMADA 








Second inventor's signature 


Oete 

May 17, 1999 




tferJr 


Residence 

Kanagawa, Japan 






C&tf 


Citizenship 

Japan 








^SfiSS&U LIMITED, 


1 -1 , Kamikodanak; 




4-chome, Nakahara-ku, Kawasaki-shx, 
^n 3T ™ ?11-ftRRR r .Taoan 



<JBHa»»*(SI«<«*tc:-3^Ttia]aicK«U. (Supply aMUr information end ekjneture for third and .ub.eq.MrH 
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Full name of third jdint inventor, if any 

Shoko IWASE 






Third inventor's signature Date 
^SJ^ **y 10, 1999 


& m 




Residence 
CA, U.S.A. 


m m 




Citizenship 

Japan 






Post Office Address 

1259 Lakeside Drive #3220 Sunnyvale, 


CA 94086 U.S.A. 






Full name of fourth joint inventor, if any 
Bintatsu NODA 




e# 


Fourth inventor's signature Date 

te-Ariu. ^ 17, 1999 


& m 




Residence 
Kanagawa, Japan 


gg fg Citizenship 

Japan 






Post Office Address 

c/o FUJITSU LIMITED, 1-1, Kamikodanaka 


4-chome, Nakahara-ku, Kawasaki-shi, 
^nagp™ ?11-fi5ftR, Japan 








Full name of fifth joint inventor, if any 
Etsuo ONO 






Fiftl* inveiyfiT* s signature Date 
$W hhjT N*y 1999 


&. m 




Residence 
Kanagawa, Japan 


m m 




Ci t izenship 
Japan 






Post Office Address 

c/o FUJITSU LIMITED, 1-1, Kamikodanaka 


4-chome, Nakahara-ku, Kawasaki-shi, 
g^n^na..^ oi 1 _q^r« — .Tartan 






Full name of sixth joint inventor, if any 






Sixth inventor's signature Date 


&. m 




Res idence 


a 9t 




Citizenship 






Post Office Address 






Ci) 


(Supply similar information and signature for 
seventh and subsequent joint inventors.) 



Page 4 of 4 



